[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c75333a by Salvatore Bonaccorso at 2022-05-18T22:47:49+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6222,13 +6222,13 @@ CVE-2022-28960 CVE-2022-28959 RESERVED CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-28957 RESERVED CVE-2022-28956 (An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-28955 (An access control issue in D-Link DIR816L_FW206b01 allows unauthentica ...) - TODO: check + NOT-FOR-US: D-Link CVE-2022-28954 RESERVED CVE-2022-28953 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c75333ab8459da16b458e79da812a69aaf46080 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c75333ab8459da16b458e79da812a69aaf46080 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f525912a by Salvatore Bonaccorso at 2022-05-18T22:43:42+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -518,7 +518,7 @@ CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. CVE-2022-1768 RESERVED CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) - TODO: check + NOT-FOR-US: jgraph/drawio CVE-2022-1766 RESERVED CVE-2022-1765 @@ -790,7 +790,7 @@ CVE-2022-1729 CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...) NOT-FOR-US: Trudesk CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to ...) - TODO: check + NOT-FOR-US: jgraph/drawio CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...) TODO: check CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...) @@ -2947,7 +2947,7 @@ CVE-2022-30107 CVE-2022-30106 RESERVED CVE-2022-30105 (In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden ...) - TODO: check + NOT-FOR-US: Belkin CVE-2022-30104 RESERVED CVE-2022-30103 @@ -3680,7 +3680,7 @@ CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in b NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master) CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 35 ...) - TODO: check + NOT-FOR-US: FUJITSU CVE-2022-29823 RESERVED CVE-2022-29822 
@@ -4283,23 +4283,23 @@ CVE-2022-29648 CVE-2022-29647 RESERVED CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29644 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29643 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29642 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29641 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29640 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-29637 RESERVED CVE-2022-29636 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f525912abe7c4e4f0953de41a190f14e26b31f27 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f525912abe7c4e4f0953de41a190f14e26b31f27 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some moodle CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae34ff8d by Salvatore Bonaccorso at 2022-05-18T22:40:26+02:00 Process some moodle CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1500,15 +1500,15 @@ CVE-2022- [RUSTSEC-2022-0020] - rust-crossbeam NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...) - TODO: check + - moodle CVE-2022-30599 (A flaw was found in moodle where an SQL injection risk was identified ...) - TODO: check + - moodle CVE-2022-30598 (A flaw was found in moodle where global search results could include a ...) - TODO: check + - moodle CVE-2022-30597 (A flaw was found in moodle where the description user field was not hi ...) - TODO: check + - moodle CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...) - TODO: check + - moodle CVE-2022-30595 RESERVED CVE-2022-30593 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae34ff8d0e7f02b9a3d4e09b9db3d9dfeac3825b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae34ff8d0e7f02b9a3d4e09b9db3d9dfeac3825b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
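Review bot: the five moodle entries go from `TODO: check` to a bare `- moodle` with no fixed version, no suite annotations and no NOTE line, so nothing in the entry records where the fix or the upstream advisory for CVE-2022-30596 through CVE-2022-30600 lives. Add the upstream advisory or issue URL per CVE and, once known, the fixed upstream version, as the neighbouring rust-crossbeam entry in the same hunk does with its RUSTSEC NOTE; otherwise these will have to be re-researched when the DSA/DLA decision is made.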
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 19db8a88 by Salvatore Bonaccorso at 2022-05-18T22:38:13+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4983,9 +4983,9 @@ CVE-2022-29407 CVE-2022-29406 RESERVED CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...) - TODO: check + NOT-FOR-US: Rebooter CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...) - TODO: check + NOT-FOR-US: Rebooter CVE-2022-1387 RESERVED CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19db8a8874bd167a6f357571f414864ce89e3dff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19db8a8874bd167a6f357571f414864ce89e3dff You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1795/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64f0c69f by Salvatore Bonaccorso at 2022-05-18T22:34:24+02:00 Add CVE-2022-1795/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -443,7 +443,9 @@ CVE-2022-29496 CVE-2022-1796 RESERVED CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) - TODO: check + - gpac + NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc + NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514 CVE-2022-1794 RESERVED CVE-2022-1793 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64f0c69f142a9d71184e1fe521145918b9b183cb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64f0c69f142a9d71184e1fe521145918b9b183cb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
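Review bot: the new `- gpac` line carries the huntr report and the upstream fix commit but no suite annotation or severity, while the existing gpac entry for CVE-2022-29537 elsewhere in this series is tagged `[bullseye] - gpac (Minor issue)`. Decide whether the same handling applies to this use-after-free and record it on the entry, so the gpac backlog (which dla-needed already describes as flooding in) does not accumulate untagged entries.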
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11b03b8e by Salvatore Bonaccorso at 2022-05-18T22:26:41+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6304,7 +6304,7 @@ CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) NOT-FOR-US: GreenCMS CVE-2022-28917 (Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2022-28916 RESERVED CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11b03b8ef38edc5f5b16a03c167be2957922fd26 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11b03b8ef38edc5f5b16a03c167be2957922fd26 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3035f313 by security tracker role at 2022-05-18T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,487 @@ +CVE-2022-31198 + RESERVED +CVE-2022-31197 + RESERVED +CVE-2022-31196 + RESERVED +CVE-2022-31195 + RESERVED +CVE-2022-31194 + RESERVED +CVE-2022-31193 + RESERVED +CVE-2022-31192 + RESERVED +CVE-2022-31191 + RESERVED +CVE-2022-31190 + RESERVED +CVE-2022-31189 + RESERVED +CVE-2022-31188 + RESERVED +CVE-2022-31187 + RESERVED +CVE-2022-31186 + RESERVED +CVE-2022-31185 + RESERVED +CVE-2022-31184 + RESERVED +CVE-2022-31183 + RESERVED +CVE-2022-31182 + RESERVED +CVE-2022-31181 + RESERVED +CVE-2022-31180 + RESERVED +CVE-2022-31179 + RESERVED +CVE-2022-31178 + RESERVED +CVE-2022-31177 + RESERVED +CVE-2022-31176 + RESERVED +CVE-2022-31175 + RESERVED +CVE-2022-31174 + RESERVED +CVE-2022-31173 + RESERVED +CVE-2022-31172 + RESERVED +CVE-2022-31171 + RESERVED +CVE-2022-31170 + RESERVED +CVE-2022-31169 + RESERVED +CVE-2022-31168 + RESERVED +CVE-2022-31167 + RESERVED +CVE-2022-31166 + RESERVED +CVE-2022-31165 + RESERVED +CVE-2022-31164 + RESERVED +CVE-2022-31163 + RESERVED +CVE-2022-31162 + RESERVED +CVE-2022-31161 + RESERVED +CVE-2022-31160 + RESERVED +CVE-2022-31159 + RESERVED +CVE-2022-31158 + RESERVED +CVE-2022-31157 + RESERVED +CVE-2022-31156 + RESERVED +CVE-2022-31155 + RESERVED +CVE-2022-31154 + RESERVED +CVE-2022-31153 + RESERVED +CVE-2022-31152 + RESERVED +CVE-2022-31151 + RESERVED +CVE-2022-31150 + RESERVED +CVE-2022-31149 + RESERVED +CVE-2022-31148 + RESERVED +CVE-2022-31147 + RESERVED +CVE-2022-31146 + RESERVED +CVE-2022-31145 + RESERVED +CVE-2022-31144 + RESERVED +CVE-2022-31143 + RESERVED +CVE-2022-31142 + RESERVED +CVE-2022-31141 + RESERVED +CVE-2022-31140 + RESERVED +CVE-2022-31139 + RESERVED +CVE-2022-31138 + RESERVED +CVE-2022-31137 + RESERVED +CVE-2022-31136 + RESERVED +CVE-2022-31135 + RESERVED +CVE-2022-31134 + RESERVED +CVE-2022-31133 + RESERVED +CVE-2022-31132 + RESERVED +CVE-2022-31131 + RESERVED +CVE-2022-31130 + RESERVED +CVE-2022-31129 + RESERVED +CVE-2022-31128 + RESERVED +CVE-2022-31127 + RESERVED +CVE-2022-31126 + RESERVED 
+CVE-2022-31125 + RESERVED +CVE-2022-31124 + RESERVED +CVE-2022-31123 + RESERVED +CVE-2022-31122 + RESERVED +CVE-2022-31121 + RESERVED +CVE-2022-31120 + RESERVED +CVE-2022-31119 + RESERVED +CVE-2022-31118 + RESERVED +CVE-2022-31117 + RESERVED +CVE-2022-31116 + RESERVED +CVE-2022-31115 + RESERVED +CVE-2022-31114 + RESERVED +CVE-2022-31113 + RESERVED +CVE-2022-31112 + RESERVED +CVE-2022-3 + RESERVED +CVE-2022-31110 + RESERVED +CVE-2022-31109 + RESERVED +CVE-2022-31108 + RESERVED +CVE-2022-31107 + RESERVED +CVE-2022-31106 + RESERVED +CVE-2022-31105 + RESERVED +CVE-2022-31104 + RESERVED +CVE-2022-31103 + RESERVED +CVE-2022-31102 + RESERVED +CVE-2022-31101 + RESERVED +CVE-2022-31100 + RESERVED +CVE-2022-31099 + RESERVED +CVE-2022-31098 + RESERVED +CVE-2022-31097 + RESERVED +CVE-2022-31096 + RESERVED +CVE-2022-31095 + RESERVED +CVE-2022-31094 + RESERVED +CVE-2022-31093 + RESERVED +CVE-2022-31092 + RESERVED +CVE-2022-31091 + RESERVED +CVE-2022-31090 + RESERVED +CVE-2022-31089 + RESERVED +CVE-2022-31088 + RESERVED +CVE-2022-31087 + RESERVED +CVE-2022-31086 + RESERVED +CVE-2022-31085 + RESERVED +CVE-2022-31084 + RESERVED +CVE-2022-31083 + RESERVED +CVE-2022-31082 + RESERVED +CVE-2022-31081 + RESERVED +CVE-2022-31080 + RESERVED +CVE-2022-31079 + RESERVED +CVE-2022-31078 + RESERVED +CVE-2022-31077 + RESERVED +CVE-2022-31076 + RESERVED +CVE-2022-31075 + RESERVED +CVE-2022-31074 + RESERVED +CVE-2022-31073 + RESERVED +CVE-2022-31072 + RESERVED +CVE-2022-31071 + RESERVED +CVE-2022-31070 + RESERVED +CVE-2022-31069 + RESERVED +CVE-2022-31068 + RESERVED +CVE-2022-31067 + RESERVED +CVE-2022-31066 + RESERVED +CVE-2022-31065 + RESERVED +CVE-2022-31064 + RESERVED +CVE-2022-31063 + RESERVED +CVE-2022-31062 + RESERVED +CVE-2022-31061 + RESERVED +CVE-2022-31060 + RESERVED +CVE-2022-31059 + RESERVED +CVE-2022-31058 +
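Review bot: the entry between `CVE-2022-31112` and `CVE-2022-31110` reads `CVE-2022-3`, which is not a well-formed CVE identifier; the surrounding sequence counts down by one, so verify that position in the generated list. The hunk header announces 487 added lines but the message stops at `+CVE-2022-31058 +`, so the remainder of this automatic update is not visible here and cannot be checked from this notification.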
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-1183/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7be16e13 by Salvatore Bonaccorso at 2022-05-18T20:47:38+02:00 Add CVE-2022-1183/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7756,6 +7756,11 @@ CVE-2022-1184 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205 CVE-2022-1183 RESERVED + - bind9 1:9.18.3-1 + [bullseye] - bind9 (Vulnerable code not present) + [buster] - bind9 (Vulnerable code not present) + [stretch] - bind9 (Vulnerable code not present) + NOTE: https://kb.isc.org/v1/docs/cve-2022-1183 CVE-2022-1182 (The Visual Slide Box Builder WordPress plugin through 3.2.9 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-1181 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be16e1359d90daf662458cb253f8bccf15792a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be16e1359d90daf662458cb253f8bccf15792a2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
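Review bot: the three `(Vulnerable code not present)` annotations for bullseye, buster and stretch are not backed by a NOTE explaining why; the entry cites only the ISC knowledge-base page. Add a NOTE stating which bind9 version or change introduced the affected code, so a later reader can confirm the triage of the older suites without re-deriving it from upstream history.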
[Git][security-tracker-team/security-tracker][master] Restore reference to Debian bug for CVE-2022-0577
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c59bad80 by Salvatore Bonaccorso at 2022-05-18T20:43:53+02:00 Restore reference to Debian bug for CVE-2022-0577 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16985,7 +16985,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) {DLA-2950-1} - - python-scrapy 2.6.1-1 + - python-scrapy 2.6.1-1 (bug #1008234) NOTE: https://github.com/advisories/GHSA-cjvr-mfj7-j4j8 NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59bad80b66ed561218654fafd7d7357a5f48422 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59bad80b66ed561218654fafd7d7357a5f48422 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Fixed CVE-2022-0577 in python-scrapy 2.6.1-1
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker Commits: 17823016 by Stefano Rivera at 2022-05-18T14:40:04-04:00 Fixed CVE-2022-0577 in python-scrapy 2.6.1-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16985,7 +16985,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) {DLA-2950-1} - - python-scrapy (bug #1008234) + - python-scrapy 2.6.1-1 NOTE: https://github.com/advisories/GHSA-cjvr-mfj7-j4j8 NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585 NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17823016f64af95ba2e316b95936584d3bca70d3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17823016f64af95ba2e316b95936584d3bca70d3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
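Review bot: the replaced line drops the `(bug #1008234)` reference while adding the fixed version; the two are not alternatives, the tracker keeps both on the package line, so this should read `- python-scrapy 2.6.1-1 (bug #1008234)` to preserve the link to the Debian bug.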
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3014-1 for elog
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: ff3c833f by Utkarsh Gupta at 2022-05-18T17:26:43+05:30 Reserve DLA-3014-1 for elog - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[18 May 2022] DLA-3014-1 elog - security update + {CVE-2020-8659} + [stretch] - elog 3.1.2-1-1+deb9u1 [18 May 2022] DLA-3013-1 needrestart - security update {CVE-2022-30688} [stretch] - needrestart 2.11-3+deb9u2 = data/dla-needed.txt = @@ -56,10 +56,6 @@ debian-security-support (Utkarsh) NOTE: 20220502: backport prepped, will contact Holger for more details. (utkarsh) NOTE: 20220516: in review, will also co-help Holger to maintain this. (utkarsh) -- -elog (Utkarsh) - NOTE: 20220517: Please check further. It looks like a denial of service can be triggered remotely without - NOTE: 20220517: authentication. If that is the case it should be fixed. If it cannot be triggered remotely then it can be postponed. --- exempi NOTE: 20220517: A lot of packages reverse depends on libexmpi8. Further analysis NOTE: 20220517: is needed. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff3c833ff2492d3325da66f7bd09e4452cee468a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff3c833ff2492d3325da66f7bd09e4452cee468a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
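Review bot: the dla-needed entry being removed recorded an open question ("check further ... if it cannot be triggered remotely then it can be postponed"), and reserving DLA-3014-1 implies that check concluded the issue is remotely triggerable, but the conclusion is not written down anywhere in this change. Add a NOTE on the CVE-2020-8659 entry in data/CVE/list (or in the DLA text) stating the outcome, so the reasoning behind issuing the DLA survives the removal of the dla-needed note.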
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0129be1 by Salvatore Bonaccorso at 2022-05-18T13:32:32+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2567,11 +2567,11 @@ CVE-2022-30056 CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...) NOT-FOR-US: Prime95 CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...) - TODO: check + NOT-FOR-US: Covid 19 Travel Pass Management CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...) - TODO: check + NOT-FOR-US: Toll Tax Management System CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...) - TODO: check + NOT-FOR-US: Home Clean Service System CVE-2022-30051 RESERVED CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...) @@ -4124,9 +4124,9 @@ CVE-2022-29541 CVE-2022-29540 RESERVED CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...) - TODO: check + NOT-FOR-US: RESI Gemini-Net CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...) - TODO: check + NOT-FOR-US: RESI Gemini-Net CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...) - gpac [bullseye] - gpac (Minor issue) @@ -4436,9 +4436,9 @@ CVE-2022-29438 CVE-2022-29437 RESERVED CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29434 RESERVED CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...) 
@@ -4450,7 +4450,7 @@ CVE-2022-29431 CVE-2022-29430 RESERVED CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-29428 RESERVED CVE-2022-29427 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0129be1fe5b257f0f160b0044e4678595923b0e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0129be1fe5b257f0f160b0044e4678595923b0e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-3097{4,5}/mujs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0deae572 by Salvatore Bonaccorso at 2022-05-18T13:24:06+02:00 Add CVE-2022-3097{4,5}/mujs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,11 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf NOTE: https://github.com/gpac/gpac/issues/2179 NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e2117831ca143d78 CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) - TODO: check + - mujs + NOTE: https://github.com/ccxvii/mujs/issues/161 CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) - TODO: check + - mujs + NOTE: https://github.com/ccxvii/mujs/issues/162 CVE-2022-1775 RESERVED CVE-2022-1774 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0deae572292a0f5ae9306b322793c131ec9f73f3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0deae572292a0f5ae9306b322793c131ec9f73f3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
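Review bot: both mujs entries reference only the upstream issue reports (ccxvii/mujs issues 161 and 162), with no fix commit and no suite annotation or severity. The truncated descriptions (a NULL pointer dereference in jsP_dumpsyntax and stack consumption in the regexp compiler) read as crash-class issues; add the fix commits when upstream lands them and record the bullseye/buster decision on the entries so they do not sit as bare `- mujs` lines.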
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2022-30976/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad2b562b by Salvatore Bonaccorso at 2022-05-18T13:14:26+02:00 Reference upstream commit for CVE-2022-30976/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,7 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) - gpac NOTE: https://github.com/gpac/gpac/issues/2179 + NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e2117831ca143d78 CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) TODO: check CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2b562b51e1dc90183a3e95fd348df72417932f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2b562b51e1dc90183a3e95fd348df72417932f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
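Review bot: the added NOTE URL ends in a 36-hex-character hash (`915e2cba715f36b7cc29e2117831ca143d78`), shorter than the full 40-character commit ids used by the other commit references in this series (for example the gpac commit cited for CVE-2022-1795). GitHub resolves abbreviated hashes today, but the tracker entries elsewhere use the full id; replace it with the full 40-character hash so the reference stays unambiguous.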
[Git][security-tracker-team/security-tracker][master] Add CVE-2022-30976/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fdd9226 by Salvatore Bonaccorso at 2022-05-18T13:13:56+02:00 Add CVE-2022-30976/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,6 @@ CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2179 CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) TODO: check CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fdd9226fcaac5ea02f981f196421244f7dbed85 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fdd9226fcaac5ea02f981f196421244f7dbed85 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 065f18da by Neil Williams at 2022-05-18T11:59:25+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4629,7 +4629,7 @@ CVE-2022-29353 (An arbitrary file upload vulnerability in the file upload module CVE-2022-29352 RESERVED CVE-2022-29351 (An arbitrary file upload vulnerability in the file upload module of Ti ...) - TODO: check + NOT-FOR-US: tiddlywiki CVE-2022-29350 RESERVED CVE-2022-29349 @@ -5074,7 +5074,7 @@ CVE-2022-29182 CVE-2022-29181 RESERVED CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests to manipu ...) - TODO: check + NOT-FOR-US: charmbracelet/charm CVE-2022-29179 RESERVED CVE-2022-29178 @@ -5086,7 +5086,7 @@ CVE-2022-29176 (Rubygems is a package registry used to supply software for the R CVE-2022-29175 REJECTED CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...) - TODO: check + NOT-FOR-US: countly-server CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...) - golang-github-endophage-gotuf [stretch] - golang-github-endophage-gotuf (Vulnerable code not present) @@ -6624,9 +6624,9 @@ CVE-2022-28619 CVE-2022-28618 RESERVED CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...) - TODO: check + NOT-FOR-US: HPE OneView CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...) - TODO: check + NOT-FOR-US: HPE OneView CVE-2022-28615 RESERVED CVE-2022-28614 
@@ -7899,15 +7899,15 @@ CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) 
@@ -7948,7 +7948,7 @@ CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne - nvidia-graphics-drivers-tesla-510 (bug #1011147) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) - TODO: check + NOT-FOR-US: NVIDIA Windows drivers CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) - nvidia-graphics-drivers (bug #1011140) [bullseye] - nvidia-graphics-drivers (Non-free not supported) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/065f18da49db5b2628ce339ca5cd736255f6b74f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/065f18da49db5b2628ce339ca5cd736255f6b74f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] update note in dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: ce44f8b4 by Abhijith PA at 2022-05-18T16:20:59+05:30 update note in dla-needed - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -85,8 +85,10 @@ gpac NOTE: 20220413: New CVEs continue flooding in (roberto) NOTE: 20220427: Preparing to work with security team to declare EOL (roberto) -- -icingaweb2 +icingaweb2 (Abhijith PA) NOTE: https://people.debian.org/~abhijith/upload/mruby/icingaweb2_2.4.1-1+deb9u2.dsc (abhijith) + NOTE: 20220522: Pinged upstream for missing patches. Will write an detail + NOTE: 20220522: email about situation (abhijith) -- intel-microcode (Stefano Rivera) NOTE: 20220213: please recheck View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce44f8b4884adc27f91a28bc7cfa3caf0bcc279c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce44f8b4884adc27f91a28bc7cfa3caf0bcc279c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
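Review bot: the two added NOTE lines are dated `20220522`, but this commit was made on 2022-05-18, so the date prefix is in the future relative to the change; it most likely should be `20220518`. Minor style point in the same lines: "Will write an detail email" should read "Will write a detailed email".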
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 35be4da3 by Neil Williams at 2022-05-18T11:41:47+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17308,7 +17308,7 @@ CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...) NOT-FOR-US: django-mfa3 CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. FlyteCo ...) - TODO: check + NOT-FOR-US: flyteorg/flyteconsole CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...) NOT-FOR-US: Metabase CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...) @@ -18191,7 +18191,7 @@ CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught excep CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...) NOT-FOR-US: EyesOfNetwork (EON) eonweb CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...) - TODO: check + NOT-FOR-US: Z-Wave devices CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...) NOT-FOR-US: Alecto CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability. ...) 
@@ -18749,19 +18749,19 @@ CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) NOT-FOR-US: SAP CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24390 (Vulnerability in rconfig remote_text_file enables an att ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24389 (Vulnerability in rconfig cert_utils enables an attacker ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24388 (Vulnerability in rconfig date enables an attacker with u ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...) NOT-FOR-US: SmarterTrack CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...) @@ -19800,7 +19800,7 @@ CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other CVE-2022-24109 RESERVED CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...) - TODO: check + NOT-FOR-US: OpenCart plugin CVE-2022-24107 RESERVED CVE-2022-24106 
@@ -21582,7 +21582,7 @@ CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0s upgrade as CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...) - kibana (bug #700337) CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...) - TODO: check + NOT-FOR-US: HPE OneView CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...) NOT-FOR-US: HPE CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35be4da3b4a9a58e9b1bf324603e1a9e3c15e8ba
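Review bot: CVE-2022-24390, CVE-2022-24389 and CVE-2022-24388 are closed as "NOT-FOR-US: Fidelis", yet their truncated descriptions name "rconfig remote_text_file", "rconfig cert_utils" and "rconfig date" rather than Fidelis, unlike the CVE-2022-24391 to CVE-2022-24394 entries in the same hunk whose descriptions mention Fidelis Network and Deception CommandPost explicitly. Since rConfig is also the name of a separate network configuration management project, it is worth confirming from the full advisory text that these three describe a Fidelis component before giving them the same tag.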
[Git][security-tracker-team/security-tracker][master] CVE-2022-1379/plantuml not-affected, vulnerable code introduced in 1.2020.11
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: 83619281 by Neil Williams at 2022-05-18T11:18:14+01:00 CVE-2022-1379/plantuml not-affected, vulnerable code introduced in 1.2020.11 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4809,7 +4809,10 @@ CVE-2022-29267 CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...) - snipe-it (bug #1005172) CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...) - TODO: check + - plantuml (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a + NOTE: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 (v1.2022.5) + NOTE: Introduced in https://github.com/plantuml/plantuml/commit/3192fa218c2ad0420d03de70f57f8521e1de315d (v1.2020.11) CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...) NOT-FOR-US: Apache APISIX CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/836192817653bc698e0fd1f1e607a36c28d17f85
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: eec7d481 by Neil Williams at 2022-05-18T10:55:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4851,19 +4851,19 @@ CVE-2022-1364 CVE-2022-1363 RESERVED CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) - TODO: check + NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1355 RESERVED - tiff 4.3.0-8 (bug #1011160) 
@@ -21641,43 +21641,43 @@ CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovere CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...) NOT-FOR-US: Aruba CVE-2022-23675 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23674 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23673 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23672 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23671 (A remote authenticated information disclosure vulnerability was discov ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23670 (A remote authenticated information disclosure vulnerability was discov ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23669 (A remote authorization bypass vulnerability was discovered in Aruba Cl ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23668 (A remote authenticated server-side request forgery (ssrf) vulnerabilit ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23667 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23666 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23665 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23664 (A authenticated remote command injection vulnerability was discovered ...) 
- TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23663 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23662 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23661 (A authenticated remote command injection vulnerability was discovered ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23660 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23659 (A remote reflected cross site scripting (xss) vulnerability was discov ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23658 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23657 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba Networks ClearPass CVE-2022-23656 (Zulip is an open source team chat app. The `main` development branch o ...) - zulip-server (bug #800052) CVE-2022-23655 (Octobercms is a
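Review bot: the new entries for CVE-2022-23657 through CVE-2022-23675 all use "NOT-FOR-US: Aruba Networks ClearPass", while the neighbouring CVE-2022-23676 context line uses the shorter "NOT-FOR-US: Aruba"; settling on one spelling for the Aruba ClearPass entries would make later searches of data/CVE/list for the vendor more reliable.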
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker Commits: d73ed1a3 by Neil Williams at 2022-05-18T10:04:58+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15,7 +15,7 @@ CVE-2022-1772 CVE-2022-1771 RESERVED CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) - TODO: check + NOT-FOR-US: bvsatyaram/random_password_generator CVE-2022-30973 RESERVED CVE-2022-1770 @@ -10686,7 +10686,7 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernels vi NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6) NOTE: CONFIG_VHOST_VDPA not set in Debian CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...) - 389-ds-base 2.0.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769 @@ -38830,7 +38830,7 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbi CVE-2021-42944 RESERVED CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...) - TODO: check + - ipplan CVE-2021-42942 RESERVED CVE-2021-42941 @@ -38929,7 +38929,7 @@ CVE-2021-42899 CVE-2021-42898 RESERVED CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in FeMiner wm ...) - TODO: check + NOT-FOR-US: FeMiner/wms CVE-2021-42896 RESERVED CVE-2021-42895 @@ -38983,7 +38983,7 @@ CVE-2021-42872 CVE-2021-42871 RESERVED CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...) - TODO: check + NOT-FOR-US: accel-ppp CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...) NOT-FOR-US: Chikista Patient Management Software CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...) 
@@ -39565,9 +39565,9 @@ CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based servic CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...) NOT-FOR-US: CMSimple CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) NOT-FOR-US: PrinterLogic Web Stack CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) @@ -64601,7 +64601,7 @@ CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on P NOTE: https://github.com/sh4nks/flask-caching/pull/209 NOTE: Negligible security impact CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated registry keys ...) - TODO: check + NOT-FOR-US: xArrow CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...) @@ -64609,7 +64609,7 @@ CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...) - TODO: check + NOT-FOR-US: xArrow CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...) 
@@ -64625,7 +64625,7 @@ CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation CVE-2021-33014 RESERVED CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...) - TODO: check + NOT-FOR-US: mySCADA myPRO CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...) NOT-FOR-US: Rockwell CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...) @@ -64649,7 +64649,7 @@ CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow a CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...) NOT-FOR-US: WebAccess HMI Designer CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...) -
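Review bot: the CVE-2021-42943 hunk replaces "TODO: check" with a bare "- ipplan" line that carries no fixed version, Debian bug reference or NOTE pointing at the upstream report, whereas the other package entry touched in this patch (the 389-ds-base line for CVE-2022-0996, with its version and bugzilla NOTE) has both; adding at least a NOTE with the advisory reference and a bug number would let the next person verify the status of the stored XSS in admin/usermanager.php without re-researching it.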
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c256aaee by security tracker role at 2022-05-18T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...) + TODO: check +CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...) + TODO: check +CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...) + TODO: check +CVE-2022-1775 + RESERVED +CVE-2022-1774 + RESERVED +CVE-2022-1773 + RESERVED +CVE-2022-1772 + RESERVED +CVE-2022-1771 + RESERVED +CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) + TODO: check CVE-2022-30973 RESERVED CVE-2022-1770 @@ -744,7 +762,7 @@ CVE-2021-4228 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...) NOT-FOR-US: HashiCorp CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...) - {DSA-5137-1} + {DSA-5137-1 DLA-3013-1} - needrestart 3.6-1 (bug #1011154) NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 
@@ -2544,12 +2562,12 @@ CVE-2022-30056 RESERVED CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...) NOT-FOR-US: Prime95 -CVE-2022-30054 - RESERVED -CVE-2022-30053 - RESERVED -CVE-2022-30052 - RESERVED +CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...) + TODO: check +CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...) + TODO: check +CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...) + TODO: check CVE-2022-30051 RESERVED CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...) @@ -2562,8 +2580,8 @@ CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection v NOT-FOR-US: Mingsoft MCMS CVE-2022-30046 RESERVED -CVE-2022-30045 - RESERVED +CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + TODO: check CVE-2022-30044 RESERVED CVE-2022-30043 @@ -4413,10 +4431,10 @@ CVE-2022-29438 RESERVED CVE-2022-29437 RESERVED -CVE-2022-29436 - RESERVED -CVE-2022-29435 - RESERVED +CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...) + TODO: check +CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...) + TODO: check CVE-2022-29434 RESERVED CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...) 
@@ -4832,20 +4850,20 @@ CVE-2022-1364 [stretch] - chromium (see DSA 4562) CVE-2022-1363 RESERVED -CVE-2022-1362 - RESERVED -CVE-2022-1361 - RESERVED -CVE-2022-1360 - RESERVED -CVE-2022-1359 - RESERVED -CVE-2022-1358 - RESERVED -CVE-2022-1357 - RESERVED -CVE-2022-1356 - RESERVED +CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...) + TODO: check +CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...) + TODO: check +CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...) + TODO: check +CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...) + TODO: check +CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...) + TODO: check +CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...) + TODO: check +CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) + TODO: check CVE-2022-1355 RESERVED - tiff 4.3.0-8 (bug #1011160) @@ -5064,8 +5082,8 @@ CVE-2022-29176 (Rubygems is a package registry used to supply software for the R TODO: check CVE-2022-29175 REJECTED -CVE-2022-29174 - RESERVED +CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...) + TODO: check CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...) - golang-github-endophage-gotuf [stretch] - golang-github-endophage-gotuf (Vulnerable code not present) @@ -5092,8 +5110,7 @@ CVE-2022-29164 (Argo Workflows is an open source container-native workflow engin
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2021-38711/gitit via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3a3a4c9 by Salvatore Bonaccorso at 2022-05-18T08:29:13+02:00 Track fixed version for CVE-2021-38711/gitit via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -50537,7 +50537,7 @@ CVE-2021-3710 (An information disclosure via path traversal was discovered in ap CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...) NOT-FOR-US: Apport CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...) - - gitit (bug #992297) + - gitit 0.15.1.0+dfsg-1 (bug #992297) [bullseye] - gitit (Minor issue) [buster] - gitit (Minor issue) [stretch] - gitit (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3a3a4c99b7553362e04ed99ad13d095ab45bdf4